How to Install an Open-Source Antivirus on CentOS

Renz Ladroma
Nov 20, 2019

Introduction
Linux operating systems are generally considered more stable and secure than other operating systems. However, Linux is not immune to threats: viruses can harm a system regardless of the operating system it runs. Installing an antivirus on a Linux server can protect it from malware, viruses and other malicious attacks.

There are plenty of antivirus options for Linux servers, but in this tutorial we are going to install ClamAV, an open-source antivirus solution, on a CentOS distribution. It is used for detecting Trojans, viruses, malware and other malicious threats. It is a standard for mail gateway scanning software and supports almost all mail file formats. It can scan inside archives and compressed files (and also protects against archive bombs); the built-in support includes Zip, Tar, 7Zip and Rar, among others.

Requirements
For this tutorial, you only need a CentOS 7 server and root or sudo access. ClamAV does not require any dependencies or special hardware to work. If you are logged in as a non-root user, prefix the commands with sudo.

Tutorial

1. Before we install ClamAV, let’s first update the system and packages using the command below:

yum -y update

2. After updating the system, add the EPEL repository to CentOS by running the following commands:

yum -y install epel-release

yum clean all

3. ClamAV is not available in the default CentOS repositories, which is why we added EPEL in the previous step. Install ClamAV on the server by running the following command:

sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

4. ClamAV is now installed, but we still need to make several additional configuration changes before we run it.

CentOS comes with SELinux, a security mechanism that restricts which files processes can access and change. SELinux may therefore deny ClamAV access to files, which will generate errors and warnings.

To let ClamAV access all the files on the server, we can either:

a. Disable SELinux enforcement (setenforce 0 switches SELinux to permissive mode for every process until the next reboot, so it relaxes far more than ClamAV needs)

setenforce 0

or

b. Modify the SELinux configuration to allow ClamAV (the narrower change, since SELinux stays in enforcing mode)

setsebool -P antivirus_can_scan_system 1

setsebool -P clamd_use_jit 1

5. To verify the SELinux settings for ClamAV, run the command below:

sudo getsebool -a | grep antivirus

You should be able to get the following output:

antivirus_can_scan_system --> on

antivirus_use_jit --> off

6. Now, let's proceed to configuring ClamAV. We need to modify the ClamAV configuration file, which by default is created at /etc/clamd.d/scan.conf. Before anything else, we need to remove or comment out the 'Example' line in the configuration file:

sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

Or you can just open the file in your editor and remove the text Example from the file.

7. Open the scanner configuration file in your editor and uncomment the line #LocalSocket /var/run/clamd.scan/clamd.sock so that it reads:

LocalSocket /var/run/clamd.scan/clamd.sock

8. We can now run Freshclam using the following command:

freshclam

The output should be something like this:

[Screenshot: freshclam output]

To check whether the database is up to date, run the same freshclam command again. If an update is available, freshclam will download it; otherwise it will report that everything is up to date.

[Screenshot: output of running freshclam a second time]

9. To start the service and enable it to automatically start at boot time, run the following command:

systemctl start freshclam

systemctl enable freshclam

10. You can also check the status of our newly created freshclam service using the command below:

systemctl status freshclam

The output should be something like this:

[Screenshot: systemctl status freshclam output]

11. To start the scanner service of ClamAV, run this command:

systemctl start clamd@scan

12. To automatically start the service at boot time, run the following command:

systemctl enable clamd@scan

13. To check the status of the scanner service, run the command:

systemctl status clamd@scan

The output should be something like this:

[Screenshot: systemctl status clamd@scan output]

You can also use the clamconf utility to check the configuration files. It displays the settings from the clamd.conf and freshclam.conf configuration files, along with information about the software settings, database, platform and build. To use this utility, run the following command:

clamconf

The sample output of the command is:

[Screenshot: clamconf output]
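
Steps 6 and 7 can be applied and verified by script. The following is an added example, not part of the original tutorial: the function names and the sample file contents are constructed for illustration, and the demo runs against a temporary file rather than /etc/clamd.d/scan.conf.

```shell
#!/bin/sh
# Added example: steps 6 and 7 applied to a clamd config file, then verified.
# Function names and the sample file are constructed for this illustration.

# configure_scan_conf FILE: comment out the "Example" guard line and enable
# the LocalSocket line from step 7. Writes through the existing file (same
# inode, owner and SELinux label) and keeps FILE.bak. Safe to re-run.
configure_scan_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    sed -e 's/^Example/#Example/' \
        -e 's|^#[[:space:]]*\(LocalSocket[[:space:]]\{1,\}/var/run/clamd\.scan/clamd\.sock\)|\1|' \
        "$conf.bak" > "$conf"
}

# check_scan_conf FILE: succeed only if no active "Example" line remains
# and exactly one active LocalSocket directive is present.
check_scan_conf() {
    conf=$1
    if grep -q '^Example' "$conf"; then
        echo "$conf: Example line is still active" >&2
        return 1
    fi
    n=$(grep -c '^LocalSocket[[:space:]]' "$conf" || true)
    if [ "$n" -ne 1 ]; then
        echo "$conf: expected 1 active LocalSocket line, found $n" >&2
        return 1
    fi
}

# make_sample_conf: write a constructed stand-in for scan.conf to a temp file
# and print its path, so the functions can be tried without touching /etc.
make_sample_conf() {
    f=$(mktemp) || return 1
    printf '%s\n' '# Comment or remove the line below.' 'Example' \
        '#LogSyslog yes' '#LocalSocket /var/run/clamd.scan/clamd.sock' \
        'User clamscan' > "$f"
    echo "$f"
}

# Demo on the sample; on a real host pass /etc/clamd.d/scan.conf instead.
demo=$(make_sample_conf) && configure_scan_conf "$demo" &&
    check_scan_conf "$demo" && echo "sample config OK"
rm -f "$demo" "$demo.bak"
```

clamd refuses to start while the Example line is still active, so a failing check_scan_conf is the first thing to look at if step 11 fails.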

The Startup
